How JLR's Category 3 Cyber Attack Caused Production Shutdown

A cyber attack on Jaguar Land Rover’s IT systems triggered a five-week production shutdown, paralysing its supply chain and resulting in an estimated £1.9bn (US$2.5bn) loss.

The incident, which began on 1 September, halted the carmaker’s manufacturing output completely and is considered the most financially damaging cyber event of its kind in UK history, with shockwaves still impacting around 5,000 associated businesses.

The attack brought vehicle production to a standstill across Jaguar Land Rover’s (JLR) three main UK plants in Solihull, Wolverhampton and Halewood.

According to The Society of Motor Manufacturers and Traders (SMMT), the five-week halt in production at Britain's biggest automotive employer meant overall UK car production fell by 27% in September to just over 51,000 vehicles, the worst September for the industry since 1952.

Analysing the category 3 cyber threat

The Cyber Monitoring Centre (CMC), an independent non-profit that tracks high-impact cyber events, classified the breach as a Category 3 event, which denotes an external cyber threat with serious consequences.

The financial fallout highlights the severe vulnerabilities within critical national infrastructure and large-scale manufacturing operations.

Full recovery is not expected before January 2026.

Ciaran Martin, Chair at the CMC, says: “With a cost of nearly £2bn, this incident looks to have been by some distance, the single most financially damaging cyber event ever to hit the UK.

“That should make us all pause and think. Every organisation needs to identify the networks that matter to them and how to protect them better, and then plan for how they'd cope if the network gets disrupted.”

Digital disruption across the supply chain

The disruption was not contained within JLR.

The CMC reports that no fewer than 5,000 businesses, including suppliers, logistics firms and service providers that depend on JLR’s production, were directly affected by the IT systems failure.

To help mitigate the cascading impact, the UK Government intervened to stabilise the supply chain with a £1.5bn (US$2bn) loan guarantee, which was secured by JLR through UK Export Finance’s Export Development Guarantee scheme.

The five-year facility is designed to help JLR support its extensive network of production partners as manufacturing resumes in phases.

“This cyber attack was not only an assault on an iconic British brand but on our world-leading automotive sector and the men and women whose livelihoods depend on it,” says Business and Trade Secretary Peter Kyle.

The five-week shutdown was the primary cause of the national decline in production, with exports slumping 24.5% in September as shipments to the EU, the US, Turkey, Japan and South Korea stalled.

Mike Hawes, CEO at the SMMT, says: “September's performance comes as no surprise given the total loss of production at Britain's biggest automotive employer following a cyber incident.

“While the situation has improved, the sector remains under immense pressure.”

Rebuilding cyber resilience and UK manufacturing

JLR confirms it is bringing its UK sites back online in a phased approach, but the incident leaves behind serious questions about cyber resilience in UK manufacturing.

JLR, which is second only to Nissan in UK car production, is now under intense pressure to not only rebuild its internal systems but also restore confidence across its vast supplier network.

Despite the production halt, the underlying demand for JLR's vehicles appears to remain strong.

Autotrader’s Commercial Director, Ian Plummer, says: “It'll be a bit like COVID, where, after the shutdown and delays end, there's an increase in demand and sales.”

Ian adds that JLR brands “have the highest number of monthly sales leads on Autotrader, so there is demand out there, even as the pipeline is currently stuck”.

The event has prompted wider scrutiny of the automotive sector’s defences against cyber threats, with industry leaders calling for greater government support.

“The industry is calling for rapid interventions to shore up its competitiveness,” Mike continues.

He suggests that keeping manufacturers' Employee Car Ownership Schemes (ECOS) and “bringing forward other interventions, including programmes to bolster supply chain resilience, would further boost the sector”.

As JLR’s phased restart continues, the full extent of the breach's impact on the UK’s manufacturing backbone will continue to unfold.